Can we include the license file in the source release tarball ?
Closed this issue · 4 comments
Hi!
When trying to package marathon-python for Fedora (and CentOS for RDO due to a dependency in magnum, I noticed that the LICENSE file is not included in the released source tarballs.
This is sort of an issue from a packaging perspective since the license can change throughout the history of a project and bundling the license in the source tarball provides some level of guarantee that this particular release was a specific license.
Example showing the license not in the release:
┬─[dmsimard@hostname:~/Downloads]─[09:36:01 AM]
╰─>$ wget https://pypi.python.org/packages/a3/9a/066a2b4126295532c55d6ad13b47c2f74eae3b411f60bdabe68d430ccd9f/marathon-0.8.7.tar.gz
--2016-10-31 09:36:07-- https://pypi.python.org/packages/a3/9a/066a2b4126295532c55d6ad13b47c2f74eae3b411f60bdabe68d430ccd9f/marathon-0.8.7.tar.gz
Resolving pypi.python.org (pypi.python.org)... 2a04:4e42:8::223, 151.101.32.223
Connecting to pypi.python.org (pypi.python.org)|2a04:4e42:8::223|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 20273 (20K) [binary/octet-stream]
Saving to: ‘marathon-0.8.7.tar.gz’
marathon-0.8.7.tar.gz 100%[=====================================================================================================================================================================================================>] 19.80K --.-KB/s in 0.02s
2016-10-31 09:36:07 (864 KB/s) - ‘marathon-0.8.7.tar.gz’ saved [20273/20273]
┬─[dmsimard@hostname:~/Downloads]─[09:36:07 AM]
╰─>$ tar -xzvf marathon-0.8.7.tar.gz
marathon-0.8.7/
marathon-0.8.7/marathon/
marathon-0.8.7/marathon/util.py
marathon-0.8.7/marathon/_compat.py
marathon-0.8.7/marathon/models/
marathon-0.8.7/marathon/models/deployment.py
marathon-0.8.7/marathon/models/group.py
marathon-0.8.7/marathon/models/events.py
marathon-0.8.7/marathon/models/constraint.py
marathon-0.8.7/marathon/models/info.py
marathon-0.8.7/marathon/models/__init__.py
marathon-0.8.7/marathon/models/container.py
marathon-0.8.7/marathon/models/base.py
marathon-0.8.7/marathon/models/endpoint.py
marathon-0.8.7/marathon/models/app.py
marathon-0.8.7/marathon/models/queue.py
marathon-0.8.7/marathon/models/task.py
marathon-0.8.7/marathon/__init__.py
marathon-0.8.7/marathon/client.py
marathon-0.8.7/marathon/exceptions.py
marathon-0.8.7/PKG-INFO
marathon-0.8.7/setup.cfg
marathon-0.8.7/setup.py
marathon-0.8.7/marathon.egg-info/
marathon-0.8.7/marathon.egg-info/pbr.json
marathon-0.8.7/marathon.egg-info/requires.txt
marathon-0.8.7/marathon.egg-info/dependency_links.txt
marathon-0.8.7/marathon.egg-info/top_level.txt
marathon-0.8.7/marathon.egg-info/PKG-INFO
marathon-0.8.7/marathon.egg-info/SOURCES.txt
┬─[dmsimard@hostname:~/Downloads]─[09:36:11 AM]
╰─>$ tree marathon-0.8.7
marathon-0.8.7
├── marathon
│ ├── client.py
│ ├── _compat.py
│ ├── exceptions.py
│ ├── __init__.py
│ ├── models
│ │ ├── app.py
│ │ ├── base.py
│ │ ├── constraint.py
│ │ ├── container.py
│ │ ├── deployment.py
│ │ ├── endpoint.py
│ │ ├── events.py
│ │ ├── group.py
│ │ ├── info.py
│ │ ├── __init__.py
│ │ ├── queue.py
│ │ └── task.py
│ └── util.py
├── marathon.egg-info
│ ├── dependency_links.txt
│ ├── pbr.json
│ ├── PKG-INFO
│ ├── requires.txt
│ ├── SOURCES.txt
│ └── top_level.txt
├── PKG-INFO
├── setup.cfg
└── setup.py
3 directories, 26 files
Hi!
That info is contained both in the license arg and License classifier in setup.py. Is that enough?
For inclusion in Fedora (+CentOS/RHEL), unfortunately not :(
Here's the documentation on packaging guidelines around licensing that indicates that the license file should ideally be located in the released source tarballs:
https://fedoraproject.org/wiki/Packaging:LicensingGuidelines?rd=Packaging/LicensingGuidelines#License_Text
ah okay. Well, I'll take a look at how to get the packaging to do that, but of course PRs are welcome if you know how to make it happen
Thanks :)
FYI python-marathon is now packaged in Fedora >=24 and EPEL.
http://koji.fedoraproject.org/koji/packageinfo?packageID=23254